GitHub
UncleCatMySelf/myself-security
前言
大致簡介項目主要逐步迭代講解Spring Security + Spring Social + Spring Security OAuth + REST服務開發,通過實際的案例開發來講解,項目註解詳細適合作爲教程案例,同時對代碼的演進還有重構也會有對應的推文講解!
什麼是登錄與賬戶安全!?
大多數初級的程序員可能理解的比較簡單,即普通的表單登錄,數據查詢等等,但是真正的企業登錄權限系統是如何的呢?現在大多數主流的權限系統一般都是使用Spring Security了,而我們的主題也是它,讓我們來深入瞭解這個權限框架吧!
項目搭建
首先是項目的目錄,項目採用Maven多模塊模式開發。
1、Myself-security:主模塊(pom)
2、Myself-security-core:核心業務邏輯(jar)
3、Myself-security-browser:瀏覽器安全特定代碼(jar)
4、Myself-security-app:app相關特定代碼(jar)
5、Myself-security-demo:樣例程序(jar)
相關Pom文件
讓我們來了解項目的主模塊的pom文件,這個的packaging要選擇爲pom形式,我們選擇引入Spring IO來控制版本,還有配置Maven插件,具體如下
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.myself.security</groupId>
<artifactId>myself-security</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>pom</packaging>
<!-- 配置版本參數 -->
<properties>
<myself.security.version>1.0-SNAPSHOT</myself.security.version>
</properties>
<!-- 幫助我們管理Maven依賴的版本,由spring IO 來指定版本 -->
<dependencyManagement>
<dependencies>
<dependency>
<groupId>io.spring.platform</groupId>
<artifactId>platform-bom</artifactId>
<version>Cairo-SR4</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Finchley.SR1</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<!-- 配置Maven插件 -->
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.7.0</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
<!-- 子模塊引入 -->
<modules>
<module>../myselfsecuritycore</module>
<module>../myselfsecuritydemo</module>
<module>../myselfsecuritybrowser</module>
<module>../myselfsecurityapp</module>
</modules>
</project>
接下來是core的核心組件,這一塊的代碼較多,我中間部分就省略了,具體可以去GitHub查看
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- 父模塊信息 -->
<parent>
<artifactId>myself-security</artifactId>
<groupId>com.myself.security</groupId>
<version>1.0-SNAPSHOT</version>
<relativePath>../myselfsecurity</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>myself-security-core</artifactId>
<dependencies>
<!-- 引入所有與Spring Security相關的jar包 -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>...</groupId>
<artifactId>...</artifactId>
</dependency>
</dependencies>
</project>
而app模塊是針對App的權限,這一塊只要引入core組件即可
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- 父模塊信息 -->
<parent>
<artifactId>myself-security</artifactId>
<groupId>com.myself.security</groupId>
<version>1.0-SNAPSHOT</version>
<relativePath>../myselfsecurity</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>myself-security-app</artifactId>
<!-- 引入core核心代碼組件 -->
<dependencies>
<dependency>
<groupId>com.myself.security</groupId>
<artifactId>myself-security-core</artifactId>
<version>${myself.security.version}</version>
</dependency>
</dependencies>
</project>
對於browser瀏覽器模塊,則需要加Session集羣管理,由於app是使用token,而瀏覽器則是session
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- 父模塊信息 -->
<parent>
<artifactId>myself-security</artifactId>
<groupId>com.myself.security</groupId>
<version>1.0-SNAPSHOT</version>
<relativePath>../myselfsecurity</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>myself-security-browser</artifactId>
<dependencies>
<!-- 引入core核心代碼組件 -->
<dependency>
<groupId>com.myself.security</groupId>
<artifactId>myself-security-core</artifactId>
<version>${myself.security.version}</version>
</dependency>
<!-- 集羣環境下的session管理 -->
<!-- 部分組件的版本還未在Spring IO更新,這裏要自己引入 -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
<version>1.3.3.RELEASE</version>
</dependency>
</dependencies>
</project>
demo組件是我們的代碼測試區,還有功能實現測試,我們暫時先引用browser模塊。
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- 父模塊信息 -->
<parent>
<artifactId>myself-security</artifactId>
<groupId>com.myself.security</groupId>
<version>1.0-SNAPSHOT</version>
<relativePath>../myselfsecurity</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>myself-security-demo</artifactId>
<dependencies>
<!-- 引入browser代碼組件 -->
<dependency>
<groupId>com.myself.security</groupId>
<artifactId>myself-security-browser</artifactId>
<version>${myself.security.version}</version>
</dependency>
<!-- 用於接口測試 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>
</dependencies>
<!-- 用於打包 -->
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>2.0.5.RELEASE</version>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
<finalName>demo</finalName>
</build>
</project>
啓動類
接下來我們要編寫啓動類,我使用了Swagger插件,還有初始化時我們先移除Security的登錄驗證,當然yml配置文件也要先關了Session管理
package com.myself;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import springfox.documentation.swagger2.annotations.EnableSwagger2;
/**
* @author MySelf
* @create 2018/9/15
* @desc Demo SpringBoot 啓動類
**/
@SpringBootApplication
@RestController
@EnableSwagger2
@EnableAutoConfiguration(exclude = {
org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class
})
public class DemoApplication {
/**
* 啓動類
* @param args {@link String}
*/
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class,args);
}
/**
* 初始化創建接口服務
* @return {@link String}
*/
@GetMapping("/hello")
public String hello(){
return "Hello Spring Security";
}
}
結尾
好了,運行項目,我們就可以看到初始化成功的項目啦!
如果本文對你有幫助,歡迎關注個人技術公衆號,謝謝。